Linux system opens ports 3306, 8080, etc. to the outside world, detailed explanation of firewall settings

Many times, after we install a web service application (such as tomcat, apache, etc.) on a liunx system, we need to allow other computers to access the application, but the firewall of the linux system (centos, redhat, etc.) only opens port 22 to the outside by default.

The port settings of the Linux system are configured in the /etc/sysconfig/iptables file. Open the file using an editor. The content is as follows:

# Firewall configuration written by system-config-firewall 
# Manual customization of this file is not recommended. 
*filter 
:INPUT ACCEPT [0:0] 
:FORWARD ACCEPT [0:0] 
:OUTPUT ACCEPT [0:0] 
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 
-A INPUT -p icmp -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT 
-A INPUT -j REJECT --reject-with icmp-host-prohibited 
-A FORWARD -j REJECT --reject-with icmp-host-prohibited 
COMMIT

The following code is said on the Internet

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3001 -j ACCEPT

I tested the above code in CentOS6.5 and it didn't work.

If we need to open port 80 to the outside world, add the following code to the above file

-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT

Also note that this code needs to be added to

-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

After that, otherwise the port cannot be opened either. The final configuration is as follows:

# Firewall configuration written by system-config-firewall 
# Manual customization of this file is not recommended. 
*filter 
:INPUT ACCEPT [0:0] 
:FORWARD ACCEPT [0:0] 
:OUTPUT ACCEPT [0:0] 
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 
-A INPUT -p icmp -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT 
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT 
-A INPUT -j REJECT --reject-with icmp-host-prohibited 
-A FORWARD -j REJECT --reject-with icmp-host-prohibited 
COMMIT

Editing the above file requires su permission.

After saving the above file, run the following command in the terminal: Update the firewall configuration

service iptables restart

The following command can see the open ports

/sbin/iptables -L -n 

The following command can turn off/on the firewall (requires restarting the system)

Enable: chkconfig iptables on 
To turn off: chkconfig iptables off

The following code can start and stop the firewall (effective immediately and invalid after restart)

Start: service iptables start  
Shutdown: service iptables stop

The above is the editor's introduction to the Linux system opening 3306, 8080 and other ports to the outside world, and the detailed integration of firewall settings. I hope it will be helpful to everyone. If you have any questions, please leave me a message and the editor will reply to you in time. I would also like to thank everyone for their support of the 123WORDPRESS.COM website!